Email server breach sees Celsians targeted by phishing attacks
Celsius customers have been targeted with fraudulent SMS and email communications after a third-party email distribution server was compromised by hackers.
Crypto asset lending platform, Celsius Network, has revealed an email server breach that resulted in malicious phishing links being sent to customers.
An April 15 announcement notes that some of Celsius’ customers have been receiving emails and SMS messages directing them to a malicious website impersonating the Celsius platform. The messages claim the link would direct them to a new web wallet from Celsius, purporting to offer $500 to users who create a wallet using the link.
Celsius asserts the phishing links were sent after “an unauthorized party managed to gain access to a back-up third-party email distribution system which had connections to a partial customer email list” — allowing the malicious actors to target users with the phishing attempt.
If accessed, the fraudulent link prompts users to provide the seed phrase to their personal wallet, enablinge hackers to drain their funds.
While the team asserts it was able to react quickly and minimize the impacts to its users, a thread on Reddit suggests at least $300,000 worth of crypto has been stolen from Celsius’ customers, with one forum-goer, “VaporFye,” claiming to has lost 20 Ether ($50,000) to the scammer.
Celsius CEO and founder, Alex Mashinksy, sought to assure the community that “Celsius remains fully secure” and its systems “have not been breached in any way.”
“Customer funds and sensitive data are safe within our back-end systems, and our security team has done an incredible job to identify the situation and very quickly notify the Celsius community with extreme urgency on the steps and precautions to be followed.”
The announcement notes that Celsius’ team is still actively investigating how the unauthorized actor was able to access its third-party email system.
“We know that customers who had not registered an email or phone number with Celsius also received fraudulent messages to these contact details, thus we believe the data was collected from external data sources,” the post added.
The email breach occurred the day after Celsius’ native CEL token was listed for trading on major exchange OKEx.
Despite the incident, the price of CEL is up nearly 1% in the past 24 hours and has gained 50% in the past fortnight. Cel last changed hands for $7.03, according to CoinGecko.